fix(core): make errors more resistant to tampering (#15789)

This commit makes error objects more resistant to
prototype tampering.

This bug was found when updating the deno_std Node compatibility
layer to Node 18. The Node test 'parallel/test-assert-fail.js'
was breaking std's assertion library.

Refs: https://github.com/denoland/deno_std/pull/2585

2 files changed, 10 insertions, 2 deletions

diff --git a/cli/tests/unit/error_test.ts b/cli/tests/unit/error_test.ts
index 444b0445a..f3c9e20e6 100644
--- a/cli/tests/unit/error_test.ts
+++ b/cli/tests/unit/error_test.ts
@@ -1,5 +1,5 @@
 // Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
-import { assert } from "./test_util.ts";
+import { assert, assertThrows, fail } from "./test_util.ts";
 
 Deno.test("Errors work", () => {
   assert(new Deno.errors.NotFound("msg") instanceof Error);
@@ -22,3 +22,11 @@ Deno.test("Errors work", () => {
   assert(new Deno.errors.Busy("msg") instanceof Error);
   assert(new Deno.errors.NotSupported("msg") instanceof Error);
 });
+
+Deno.test("Errors have some tamper resistance", () => {
+  // deno-lint-ignore no-explicit-any
+  (Object.prototype as any).get = () => {};
+  assertThrows(() => fail("test error"), Error, "test error");
+  // deno-lint-ignore no-explicit-any
+  delete (Object.prototype as any).get;
+});
diff --git a/core/02_error.js b/core/02_error.js
index edb9c4843..d8e823bb2 100644
--- a/core/02_error.js
+++ b/core/02_error.js
@@ -127,7 +127,7 @@
     let callSiteEvals = ArrayPrototypeMap(callSites, evaluateCallSite);
     callSiteEvals = ArrayPrototypeMap(callSiteEvals, sourceMapCallSiteEval);
     ObjectDefineProperties(error, {
-      __callSiteEvals: { value: [], configurable: true },
+      __callSiteEvals: { __proto__: null, value: [], configurable: true },
     });
     const formattedCallSites = [];
     for (const cse of callSiteEvals) {